Counter-Forensic Privacy Tools
A Forensic Evaluation

Matthew Geiger, Lorrie Faith Cranor
June 2005
CMU-ISRI-05-119

Institute for Software Research, International, Carnegie Mellon University
School of Computer Science
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Abstract

Modern operating systems and the applications that run on them generate copious amounts of data about their users’ activity. Users are increasingly aware of their privacy exposure from these records and from digital artifacts that linger after files are “deleted” on computers they use. Efforts to redress this privacy exposure have spawned a range of counter-forensic privacy tools – software designed to irretrievably eliminate records of computer system usage and other sensitive data. In this paper, we use forensic tools and techniques to evaluate the effectiveness of six counter-forensic software packages. The results highlight some significant shortfalls in the implementation and approach of these tools, leading to privacy concerns about the exposure of sensitive data. The findings also raise questions about the level of privacy protection that is realistic to expect from these tools, and others that take a similar approach.

TABLE OF CONTENTS

Introduction
Background
Testing Methodology
Privacy tool testing
Analysis platform and tools
Analysis Results
    The privacy implications for Larry
    Failure areas
    Information disclosure
    Lessons from failure
    Vendor notification
    A market comparison
    Search for standards
    Privacy-protective alternatives
Implications and Future Work
Acknowledgments
References
APPENDIX A – About the privacy tools analyzed
    Window Washer 5.5
    Windows & Internet Cleaner
    CyberScrub Pro
    Evidence Eliminator
    Acronis Privacy Expert
    SecureClean
APPENDIX B – Individual tools’ test results
    Window Washer
    Windows & Internet Cleaner Professional
    CyberScrub Professional
    Evidence Eliminator
    Acronis Privacy Expert
    SecureClean
APPENDIX C – Privacy tool configuration details
    Window Washer 1 & 2 configuration
    Windows & Internet Cleaner Professional configuration
    CyberScrub Professional configuration
    Evidence Eliminator configuration
    SecureClean configuration
    Acronis Privacy Expert configuration
APPENDIX D – Consumer-oriented software reviews
APPENDIX E – Directory and file listing for test system

Introduction

Modern computer operating systems and the applications that run on them generate copious amounts of data about their users’ activity.
These records increasingly have become the focus of investigation in legal and personal disputes, as well as a risk to privacy and security in shared computer environments. At the same time, user awareness is growing that “deleting” files doesn’t mean obliterating the information they contain – an awareness heightened by newsworthy events ranging from the 1986 resurrection of erased Iran-Contra records from Oliver North’s computer to the recovery of files and e-mail communications in the Enron Corp investigation.

Concern about recovering privacy-sensitive data from computer systems takes on greater significance in light of recent trends in computer use. Employees use company computers for personal e-mail, shopping and banking. When companies provide employees with laptops to work at home, other family members often use these computers too. As a result, company computers may contain sensitive, personal information that individuals want to keep private, as well as records that companies have a legitimate interest in protecting and examining.

Monitoring of employee activity on computers is increasingly commonplace (EPIC 2004). Companies’ interest in tracking computer use is underscored by surveys that show insiders are responsible for about half of computer crimes and related misconduct (Gordon et al., 2004). Companies also monitor employees’ online activity to comply with legal obligations to provide a harassment-free working environment, or to enforce company policy. Others block access from the corporate network to Web sites that are critical of the company or that contain other objectionable content. It’s not just network traffic that is monitored; companies also routinely examine the contents of storage media, like computers’ hard drives, sometimes using forensic tools to recover deleted material.
Nearly one in four companies searches employees’ e-mail and computer files for key words and phrases, according to an American Management Association survey on workplace monitoring (2001).

These colliding interests have spawned a market for specialized software designed to guard users’ privacy. Users have access to an array of commercial tools that claim to remove all traces of privacy-sensitive information about their computer usage, including documents they’ve created, records of websites they’ve visited, images they’ve viewed, files downloaded and programs installed and executed. User concerns about this data range from eliminating information that exposes them to financial loss, such as online banking credentials, to ensuring purely personal information is kept private. Counter-forensic privacy tools locate activity records scattered across the computer filesystem and seek to erase them irretrievably.

The technical challenge of finding and eliminating this sensitive data is far from trivial given the complexity of modern computer operating systems, designed to preserve data rather than shed it. Yet rigorous testing and evaluation of these privacy tools is lacking. Online resources that offer consumer-oriented advice about commercial privacy tools consist of comparisons of advertised features, usability and support, rather than evaluations of the tools’ performance. Software reviews published in the technology press have included only cursory assessments of performance (see http://privacy-software-review.com and Appendix D for examples). We were unable to find a published evaluation of the comprehensive data protection performance of the tools selected for this report.

Our research attempts to bridge the knowledge gap about how much privacy protection these tools offer. Employing accepted forensic tools and methods, we examine the performance of six commercial privacy tools.
We evaluate the tools’ abilities to purge a range of activity records and other data representative of real-world privacy sensitivities. The evaluation’s methodology and findings are intended to be reproducible and extensible. Our analysis of the tools’ performance identifies shortfalls and challenges in their approach to sanitizing data – and discusses how future privacy tools could more reliably address these concerns, along with alternative methods to protect sensitive user data.

To flesh out the challenge faced by these privacy tools, we first review filesystem and operating system behavior and existing research in the secure deletion of data. Our preparation of a test system and of the tool evaluations follows, along